Smith 1
Computers use network cards to partition and transmit data across a
network; therefore, the network card must be properly connected to the operating
system to insure efficient partitioning and transmitting procedures. Ifconfig and
netstat are the primary commands for setting up and maintaining a network in a
Unix environment. Ifconfig does the configuration, and netstat does the
monitoring.
The term, ifconfig, is a keyword for Interface Configuration. At boot time,
the ifconfig command is executed by the kernel to initialize the computer’s
network interface. After boot time, one can alter the existing interfaces by using
this command. Users are usually required to be logged in as the root user
(admin) to use the ifconfig command. The netstat command displays the
functionality of those interfaces initiated by ifconfig. Since this command does
not have the ability to alter an interface, all users typically have access to it.
IFCONFIG
Ifconfig has three primary functions
 Network interface creation
 Network interface modification
 Network interface evaluation
Network Interface Creation
This process is executed automatically by the operating system at boot
time independent of the user input/interference. The operating system identifies
the installed network devices and creates a network interface for each one.
Every time the computer is started up, this process must be executed.
Network Interface Modification
Syntax: ifconfig interface addressfamily address parameter
In the syntax string above, “interface” refers to the abbreviated version of
a particular network interface followed by a number. Abbreviations for the more
popular interfaces include:
 “at” for Automated Transfer Mode
 “eth” for IEEE 802.3 Ethernet
 “lo” for Loopback
 “sl” for serial line IP
Each of these network interface types correspond to a particular device used by
computers for communication. For instance, IEEE 802.3 Ethernet is used for
Ethernet cards; the serial line IP network interface is used when setting up serial
port communications. The loopback interface is used for communication
between the drivers within the computer.
Smith 2
The parameter “addressfamily” dictates to the operating system how to
decode the address parameters that follow. Each family has a different address
encoding/decoding scheme. The default family is “inet;” other address families
include “unix,” “ipx” (Novell IPX), and “ddp” (Appletalk DDP).
The parameter “parameter” is for setting status flags and toggling features
on and off. Two common flags are “up” and “down.” These flags turn the
specified interface on and off. A flag commonly used by network administrators
is the “add” flag, synonymous with “alias.” When networks need to be upgraded
or shutdown for maintenance the alias flag allows administrators to swap devices
without the users realizing it. Administrators simply route the traffic through a
free network interface setup with an alias to the old network interface.
Network Interface Evaluation
Syntax: ifconfig
-or-
ifconfig interface
The command “ifconfig” displays all of the network interface information
about all the network interfaces currently running on the computer. By including
the parameter “interface” the operating system displays only the info on the
specified interface. The parameter, interface, must be a valid network interface
either initiated by the operating system during the boot sequence or altered by
the user. It follows the same naming constraints as above—abbreviated version
of a network interface followed by a number. Either method produces a record
similar to the one displayed below.
Eth0 Link encap:Ethernet HWaddr 00:E0:29:34:2E:87
inet addr:1.2.3.4 Bcast:1.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1000 Metric: 1
RX packet:31241 errors:0 dropped:0 overruns:0 frame:0
TX packet:74 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RXbyes:441771 (4.2 Mb) TXbytes:5950 (5.8 Kb)
Interrupt:11 Base address:0x5000
The first set of lines of the display pertains to address information. The
first line lists the network interface type and the hardware address. The second
line starts with an address family id, followed by the domain ip address, a
broadcast ip address, and a netmask. The domain ip address is the address
assigned to the interface. Incoming packets will be destined for this address.
The broadcast ip address is the address sent to network. This is what the
network sees as you interact with it. The netmask determines how much of your
ip address users on the network can see.
Smith 3
The second set of lines of the display pertains to data packet transfer
information. The third line starts with the network interface’s status (up/down),
shows the maximum transmission unit (MTU), and finally, the routing metric.
One MTU has the transmission capacity of about 1 byte. Thus, MTU signifies the
max size packet that can be exported using the displayed device in bytes.
The routing metric is synonymous with the number of route points
between the destination and the host. High routing metric values are equivalent
to many route points. If a path has many route points this means that there are
many checkpoints between the start computer and the destination computer. As
the number of checkpoints increase, the chance of data corruption also
increases, therefore, a high routing metric is usually a negative trait for a network
interface.
Lines four, five, and six show statistics associated with the number of
received packets and the number of transmitted packets through the network
interface. The first value is the total received/transferred, followed by the
number of packets received with errors, lost packets, and other packet
transmission stats. Line seven displays the amount of packet information
transmitted and received in bytes and line eight shows the number of times the
device generated an interrupt.
NETSTAT
Netstat has primarily one purpose
 Network interface evaluation
Network Interface Evaluation
Syntax: netstat -i
This command produces the exact output as that of ifconfig, however, the
command is open to all users; it cannot alter network configurations like ifconfig.
A sample output is listed below.
Kernel Interface table
Iface MTU Met
Eth0 1500 0
Lo
16436 0
RX-OK
03448320
686
RX-Err RX-Drp
4644
4643
0
0
(Display continued)
Iface
Eht0
Lo
TX-OK TX-Err
866484 0
686
0
TX-Drp TX-OVR
0
0
0
0
RX-OVR
0
0
Smith 4
The display above lists the packet transfer information of the network
interfaces currently setup on a computer. If a user want is interested in checking
all of the configuration information on one of the initiated interfaces, the syntax
listed below would accomplish the task.
Syntax: netstat -i -e
This command would display the configuration information in exactly the
same manner as the ifconfig command. The only difference is that the user
would not be able to alter the configurations. If something is incorrectly setup,
the user would have to attain root privileges and use the syntax strings listed
above to correct problems.
Though netstat may seem like a weaker version of ifconfig, this is not
exactly the case. The ability to display ifconfig information is only one of its
purposes. Netstat can also displays all of the internet activity on all network
interfaces along with all of the domain socket (internal network) connections.
Ifconfig and Netstat have many parameters, each of which manipulates
display data in a different way, display different sets of data. Both, however,
work hand in hand when creating and monitoring a network interface, and
ensuring that network connections operate in an orderly, efficient manner.